Premier Digital Forensics & Incident Response Organization

Incident Response

Dealing with targeted security incidents is a very challenging situation for any organization; the skills required to handle such incidents are rarely found in the typical SOC (even for Fortune 500 corporations). Our incident response organization has 15+ years’ experience in executing incident response investigations of advanced persistent threats (APTs) in very complex environments from different industries and geographical locations.

Offensive Shield’s IR consultants have extensive experience in successfully handling engagements involving some of the most advanced APTs that made the news headlines.

Digital Forensics

Offensive Shield also provides Digital Forensics investigations (as part of the IR engagement or on-demand). One of the most sophisticated areas of the DFIR field, Digital Forensics (DF) can answer questions that an IR investigation may not be able to. DF requires very high technical skills and can be very helpful in a number of complex investigations, such as when the threat actor tries to hide its tracks, or for internal corporate investigations that may lead up to law enforcement involvement.

Why Incident Response from Offensive Shield?

In all Incident Response engagements, the experts of our digital forensics incident response organization use industry-validated tools and investigation techniques to:

Contain the threats to prevent further damage to the business assets, operations and/or reputation

Analyze the tools, techniques and procedures of the threat actors

Remove adversaries from the corporate environment

Provide remediation guidance to restore the environment to production with an improved security posture

Digital Forensics (DF) is most of the time a required part of a complex Incident Response engagement, needed to assess all the implications of the compromise/breach. While Incident Response has a heavy focus on restoring services back to production as soon as possible, Digital Forensics is a deep dive using all the existing digital evidence (e.g. disk images, memory dumps, network-based evidence) to answer some of the hardest riddles of the cyber investigation.

At our digital forensics incident response organization, such investigations can also be initiated “on-demand” in case suspicious/unexplained events are observed in relation to a critical production environment.


Both services can be invoked at any time; however, in the case of Emergency IR our IR consultants will have to make the most of the available evidence in the customer’s environment. Oftentimes critical evidence is incomplete or completely missing, which can prolong the investigation and sometimes even leave important questions unanswered.

With an IR Retainer, during the onboarding phase the client is provided with actionable recommendations to enable and improve existing detection capabilities, to ensure the IR engagement will be very efficient in minimizing the business impact of the cyber-attack.

At our digital forensics incident response organization, IR Retainers come bundled with other services to ensure the client’s overall security posture will be improved. Near the end of the contract period, Offensive Shield together with the customer’s security team will agree on which services would be most suited.

No, it is not. Cyber insurance offers the same service as described for Emergency IR. Moreover, if there are no incidents during the period of the insurance contract, there will be no other security services delivered for the money paid (as there are in the case of an IR Retainer).



Feel free to call us at +44 20 3918 8614

Or Email Us!